Skip to main content
CVE-2025-29118 MEDIUM POC This Month

Tenda AC8 V16.03.34.06 was discovered to contain a stack overflow via the src parameter in the function sub_47D878. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Stack Overflow Ac8 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-29405 MEDIUM POC This Month

An arbitrary file upload vulnerability in the component /admin/template.php of emlog pro 2.5.0 and pro 2.5.* allows attackers to execute arbitrary code via uploading a crafted PHP file. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Emlog
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-55009 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in AutoBib - Bibliographic collection management system 3.1.140 and earlier allows attackers to execute arbitrary Javascript in the context of a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Autobib
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-12136 MEDIUM This Month

Missing Critical Step in Authentication vulnerability in Elfatek Elektronics ANKA JPD-00028 allows Authentication Bypass.01.01. Rated medium severity (CVSS 6.9). No vendor patch available.

Authentication Bypass
NVD VulDB
CVSS 3.1
6.9
EPSS
0.0%
CVE-2025-30144 MEDIUM PATCH This Month

fast-jwt provides fast JSON Web Token (JWT) implementation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2025-29770 MEDIUM PATCH This Month

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Vllm Red Hat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-30152 MEDIUM PATCH This Month

The Syliud PayPal Plugin is the Sylius Core Team’s plugin for the PayPal Commerce Platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-30196 MEDIUM This Month

Jenkins AnchorChain Plugin 1.0 does not limit URL schemes for links it creates based on workspace content, allowing the `javascript:` scheme, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jenkins Anchorchain
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-26816 MEDIUM This Month

A vulnerability in Intrexx Portal Server 12.0.2 and earlier which was classified as problematic potentially allows users with particular permissions under certain conditions to see potentially. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-27018 MEDIUM PATCH This Month

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Airflow MySQL Provider. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache SQLi Apache Airflow Providers Mysql
NVD GitHub
CVSS 3.1
6.3
EPSS
0.3%
CVE-2025-30092 MEDIUM This Month

Intrexx Portal Server 12.x <= 12.0.2 and 11.x <= 11.9.2 allows XSS in multiple Velocity scripts. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-26486 MEDIUM This Month

Broken or Risky Cryptographic Algorithm, Use of Password Hash With Insufficient Computational Effort, Use of Weak Hash, Use of a One-Way Hash with a Predictable Salt vulnerabilities in Beta80 "Life. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-2324 MEDIUM This Month

Improper Privilege Management vulnerability for users configured as Shared Accounts in Progress MOVEit Transfer (SFTP module) allows Privilege Escalation.1.0 before 2023.1.12, from 2024.0.0 before. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Moveit Transfer
NVD VulDB
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-26485 MEDIUM This Month

A vulnerability in Beta80 Life 1st enables the retrieval of different error messages for failed authentication attempts (in case of the usage of a wrong password or a non existent user). Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.8
EPSS
0.1%
CVE-2025-0431 MEDIUM This Month

Enterprise Protection contains a vulnerability in URL rewriting that allows an unauthenticated remote attacker to send an email which bypasses URL protections impacting the integrity of recipient's. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
5.8
EPSS
0.1%
CVE-2025-27705 MEDIUM This Month

There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.53. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS
NVD
CVSS 4.0
5.5
EPSS
0.2%
CVE-2025-23382 MEDIUM This Month

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, contain(s) an Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable. No vendor patch available.

Dell Information Disclosure Secure Connect Gateway
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-27704 MEDIUM This Month

There is a cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.53. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS
NVD
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-26475 MEDIUM PATCH This Month

Dell Secure Connect Gateway (SCG) 5.0 Appliance - SRS, version(s) 5.26, Enables Live-Restore setting which enhances security by keeping containers running during daemon restarts, reducing attack. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Dell Authentication Bypass Secure Connect Gateway
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-53969 MEDIUM This Month

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe RCE XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-53968 MEDIUM This Month

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe RCE XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-53967 MEDIUM This Month

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe RCE XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-53970 MEDIUM This Month

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-2536 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability on Liferay Portal 7.4.3.82 through 7.4.3.128, and Liferay DXP 2024.Q3.0, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-2511 MEDIUM This Month

The AHAthat Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 1.6 due to insufficient escaping on the user supplied. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2024-45644 MEDIUM This Month

IBM Security ReaQta 3.12 allows a privileged user to upload or transfer files of dangerous types that can be automatically processed within the product's environment. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM File Upload Security Qradar Edr
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2024-7631 MEDIUM PATCH This Month

A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-25132 MEDIUM PATCH This Month

A flaw was found in the Hive hibernation controller component of OpenShift Dedicated. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Red Hat Suse
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-1472 MEDIUM PATCH This Month

Mattermost versions 9.11.x <= 9.11.8 fail to properly perform authorization of the Viewer role which allows an attacker with the Viewer role configured with No Access to Reporting to still view team. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mattermost Server Suse
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-1758 MEDIUM This Month

Improper Input Validation vulnerability in Progress LoadMaster allows : Buffer OverflowThis issue affects: * LoadMaster: 7.2.40.0 and above * ECS: All versions * Multi-Tenancy: 7.1.35.4 and above. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Stack Overflow Multi Tenant Loadmaster Loadmaster
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-50629 MEDIUM This Month

Improper encoding or escaping of output vulnerability in the webapi component in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 7.1.1-42962-7,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Synology Beestation Os Diskstation Manager
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-2290 MEDIUM PATCH This Month

The LifterLMS - WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to Unauthenticated Post Trashing due to a missing capability check on the delete_access_plan. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Lifterlms PHP
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-10445 MEDIUM Monitor

Improper certificate validation vulnerability in the update functionality in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Manager (DSM) before 6.2.4-25556-8, 7.1.1-42962-7,. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Synology Beestation Os Diskstation Manager
NVD
CVSS 3.1
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy